IT Brief UK - Technology news for CIOs & IT decision-makers
United Kingdom
Google sets out 20-question framework for AI agents

Google sets out 20-question framework for AI agents

Wed, 8th Jul 2026 (Today)
Sean Mitchell
SEAN MITCHELL Publisher

Google has published a framework of 20 questions for companies building and deploying AI agents, centred on its Gemini Enterprise Agent Platform.

The document targets IT leaders under pressure to roll out agent-based systems while managing security, governance and operating costs. It lays out a structured set of issues for engineering teams to address across development, deployment, oversight and lifecycle management.

At the core of the approach is Google's view that companies should treat AI agents as operational software requiring defined controls, not as simple chatbot features. The questions cover who is building the software, who will use it, how agents connect to company data, and what guardrails should apply in production.

Organisations should first consider who is creating these systems, from business users working with no-code tools to software engineers writing custom code, Google says. In its view, that distinction matters because a common platform is needed to avoid fragmenting security and data controls across teams.

Another early question is whether an agent is being built for employees or customers to use directly, or for machine-to-machine interaction behind the scenes. Google says the answer shapes the design: user-facing systems require a stronger focus on interface and usability, while agent-to-agent systems depend on interoperability standards.

Build choices

The guidance outlines what Google describes as a four-level development model. At one end are visual tools for rapid prototyping by less technical teams; at the other is a code-first development kit for engineers building more complex multi-agent systems.

It also advises companies to start with a single specialised agent rather than a broad system designed to handle many tasks. According to Google, a narrow scope can limit errors, reduce latency and make troubleshooting easier before organisations move to coordinated networks of specialised agents.

On data access, Google points to the growing use of Model Context Protocol, or MCP, as a way to connect agents to live enterprise systems and databases. But it argues that connectivity alone is not enough. Data must also be organised with business context, metadata and logic if agents are to return accurate results.

Interoperability is another recurring theme. Large organisations are likely to end up with agents built on different frameworks, which Google says could create new silos unless companies adopt a common communications layer. It points to the open Agent2Agent protocol as one option for linking agents built on different systems.

Cost and scale

The framework gives significant attention to the practical challenge of scaling these systems without sharply increasing costs. Google says companies should deploy agents in managed serverless environments that can expand with demand while supporting low-latency interactions, private networking and packaged software dependencies.

For cost control, it recommends matching model choice to task complexity rather than using the most advanced model for every request. That includes using lighter-weight models for routine work, reserving more expensive reasoning models for final decisions, and limiting context windows, iteration depth and unnecessary tool use.

Google also addresses long-running tasks, arguing that agents need both short-term session state and longer-term memory to maintain context over time. The point reflects a broader challenge for businesses testing agents beyond simple prompts and responses and into multi-step workflows.

Governance focus

Much of the guidance focuses on governance and risk. Google says agents that run scripts, browse the web or interact with external systems should operate inside isolated sandbox environments rather than directly on a company's network.

It also argues that prompts alone are not enough to keep an agent aligned with a company's rules or tone. Instead, Google presents deterministic guardrails and structured workflows as necessary to keep systems within set boundaries, particularly in compliance-sensitive or customer-facing use cases.

Identity and access management features heavily. Google says one of the most secure patterns for internal workflows is delegated authority, in which the agent inherits the permissions of the employee using it. It argues that this allows businesses to align data access with existing controls and preserve audit trails.

Google also warns about "shadow AI" and unchecked growth in internal agent projects. To counter that, it recommends a central registry showing each active agent, its owner, the data it targets and the tools it is allowed to use.

The framework also calls for a dual policy model that combines conventional identity and access management with semantic checks that inspect the meaning of a user request before an agent acts on it. In addition, Google says all interactions should pass through an agent gateway so policy breaches, prompt injection attempts and content issues can be detected and blocked.

Security monitoring forms the final layer. Google says businesses should audit agent behaviour in near real time to identify anomalies such as unauthorised database commands or suspicious network connections, allowing compromised or malfunctioning systems to be isolated quickly.

The overall message is that deploying agents is becoming a full-stack operational and governance problem rather than a narrow software development exercise. Google says development teams need a single command layer linking local work, testing, evaluations and production updates through existing CI/CD pipelines.

"Nobody wants to click through five different cloud consoles just to push an update or run a test."